Don't miss the interview that Red Seguridad magazine publishes with the two heads behind the birth of Pinakes service, Herminio del Campo, Director of the Centro de Cooperación Interbancario, and Antonio Ramos, CECO and founding partner of LEET Security.
Read it here.
Suscribe to our newsletter here
The magazine Red Seguridad interviews our CEO, Antonio Ramos, where he talks about the great challenges facing the cybersecurity industry in Spain and the cyber threats that will predominate this year.
Read it here.
Suscribe to our newsletter here
Suscribe to our newsletter here
Suscribe to our newsletter here
Suscribe to our newsletter here
Suscribe to our newsletter here
Suscribe to our newsletter here
Suscribe to our newsletter here
Suscribe to our newsletter here
Our CEO Antonio Ramos shared computer anecdotes abbout the techies on their day (December 9) with Juanma Ortega in his program “Despiértame Juanma”, at Melodía FM,
Suscribe to our newsletter here
All you need is LEET!
Subscribe to our newsletter here.
All you need is LEET!
Subscribe to our newsletter here.
Interview in 20 Minutos newspaper with our CEO Antonio Ramos
The newspaper 20 Minutos publishes an interview with our CEO, Antonio Ramos, in which he alerts that "cybercriminals are always looking for a way to obtain profitability from their criminal activity."
In the interview, he also reviews the current situation of cybersecurity in Spanish companies, pinpointing the most significant data from the III Companies and Cybersecurity Study, carried out in the spring of this year.
you can read the complete interview here
And if you are interested in knowing the study in more detail, download it at this link.
All you need is LEET!
Subscribe to our newsletter here.
The SCCG will have the responsibility to advise the European Commission and ENISA on strategic issues concerning cybersecurity certification, while assisting the Commission in preparing the Union Rolling Work Programme.
Our CEO, Antonio Ramos, has been selected by the European Commission, as representative of our company, to be a member of the Stakeholder Cybersecurity Certification Group (SCCG). It is a great opportunity to contribute to the activities and role of the SCCG, which aims to overcome the current fragmentation of the European market, by supporting actions towards a harmonized model of the European Cybersecurity Certification Framework.
The Stakeholder Cybersecurity Certification Group has been launched under the Cybersecurity Act and will help the European Commission and ENISA to facilitate consultations with relevant stakeholders. To do so, the group will have several functions, including:
a.- advising the Commission on strategic issues concerning ...
(Read more)
The recently presented Evolutio, a leading company in the integration of cloud and communications services, inherits from BT Spain the cybersecurity accreditations that the company recently renewed with LEET Security: BBB and ENS rating in the medium category, for some of its main services, through of an audit process that unifies the evaluation of the security measures contemplated in both schemes.
The scope, which in its initial evaluation referred to data center services and Cloud infrastructure (IaaS), has been expanded for ENS certification, which now also applies to the information systems on which professional services are provided. Personalized Management, as well as connectivity services Ethernet Connect and IP Connect.
In this way, the company includes most of its services in the certification coverage, since Personalized Management refers to the professional services deployed on the Evolutio portfolio, which includes the functions ...
(Read more)
LEET Security's cybersecurity rating methodology is developed cyclically, with annual audits being the fundamental means of granting the rating, but not the only one. As described in the rating guide, the services are subject to monitoring throughout its validity.
One of the components of this continuous monitoring consists of the digital supervision of the entity, which has been carried out by reviewing "pastebines" type forums. To have a better perspective on this aspect, we have signed an agreement with the Dualogy company, for the use of its MrLooquer tool, which allows us to monitor the footprint of our clients on the Internet and to know, in ...
(Read more)
Unisys has recently obtained the renewal of the security rating for its support services and maintenance of applications and information systems, maintaining the global level BBB, although it has obtained a higher result, level A, for some of the corresponding sections. Systems Operation, Personnel Safety, Resilience and Safe Development.
Thus, in addition to accrediting the implementation of a security management system and the effective application of a control framework and high-level security measures in the three dimensions evaluated (confidentiality, integrity and availability), it is I manifest the vocation to improve its cybersecurity capabilities with which the company operates.
The complete and rigorous evaluation carried out by LEET Security to grant this rating is a guarantee of reliability in all the management and execution processes of projects and services that Unisys provides to its clients.
In addition to the audit carried ...
(Read more)
Following the recommendations of the health authorities, given the evolution that the epidemiological outbreak of COVID-19 is presenting, and in particular to reduce both travel and meetings, at LEET we have established the following measures:
· For accreditation maintenance activities, an alternative evaluation process has been established, eliminating all on-site activities and replacing them with other remote evaluation techniques.
· Initial audits or expansion processes will be attempted remotely. If this is not possible, they will be temporarily postponed.
· In any case, these anomalies will be adequately justified and recorded, as established by the ENAC recommendations in this regard.
These measures will be applied in the period between March 16 and April 30, a period that could be modified if the extraordinary measures established by the Government continued.
From LEET Security we will notify the affected entities in due time, indicating ...
(Read more)
An article by our CEO published in IT Digital Security magazine on the ENS in the year in which the National Security Scheme turns a decade old. Happy Birthday!
Clicking on the image you can read the full article (in Spanish)
Suscribe to our newsletter here
LEET Security joins ‘Patrocina un deportista’ (Sponsor an Athlete) program as one of the new sponsors supporting the Olympic and Paralympic sport. In a year as important as this, with an eye on Tokyo 2020, the goal is to achieve dreams together with athletes who want to be at Olympic event. LEET Security begins to support triathlete Dani Molina and weightlifter Loida Zabala.
Dani Molina has always had the sport as a fundamental part of his life, but with 22 years everything changed. Dani suffered a serious motorcycle accident and, however, far from giving up after losing his right leg, going through various operations and a year of recovery until he could walk again, he decided to go swimming again (one of his passions as a child). From there he jumped into practicing triathlon. He has managed to become champion ...
(Read more)
Our CEO Antonio Ramos shared his vision on safety of technological devices, such as smart speakers, that have been a star gift this Christmas with Juanma Ortega in "Despiértame Juanma" program, Melodía FM. Don't miss it!
Who does not have at home a smart TV, a smart speaker or a doll with an internet connection? Do you know if these products have passed a cybersecurity test?
Listen to the full interview using this this link
Suscribe to our newsletter here
IBM has obtained concurrently the certification of conformity with the National Security Scheme (ENS) in HIGH category and the LEET Security rating with AAA level for the Public Cloud services based on its European Union CPDs. The multinational has obtained both through an audit process that unifies the evaluation of the security measures contemplated in both schemes.
For the achievement of the two accreditations, LEET Security has assessed, not only the operation according to the certified security management system followed by IBM for these same services, but also the level of robustness and strengh of the security measures themselves implemented for the rated services, as well as the ability to recover in the event of incidents, thus providing IBM customers with clear and transparent information about the security of their services.
The technological multinational thus takes another step in the ...
(Read more)
The security of the supply chain is becoming one of the most important aspects on the agenda of many organizations. This may be due to regulatory impositions, as is the case of financial institutions, on the part of both the European Central Bank (ECB) and the European Banking Authority (EBA), or also due to a growing awareness of the impact that the supply chain has on the business itself. And this awareness has a lot to do with the application of the European General Data Protection Regulation, which explicitly obliges the controllers to ensure that the third parties to whom they subcontract the processing of the data in their possession comply with the security measures that the responsibles should demand them.
Although, in fact, the concern for the supply chain extends beyond the personal data, since from that chain also ...
(Read more)
We have heard some news in these first months of 2018 related to the National Security Scheme (ENS), mandatory compliance framework in terms of IT security in Public Administration field.
In February, LEET Security was accredited as certification entity in accordance with the ENS, and in April the approval resolutions of two new Technical Security Instructions were published in the Official Government Bulletin; whose objective is to properly develop the implementation of requirements and measures included in the ENS (Royal Decree 3/2010).
On the one hand, the resolution of March 27, 2018 approves the Technical Security Instruction for Information Systems Security Audit (BOE-A-2018-4573). And secondly, the resolution of April 13, 2018 approves the Technical Security Instruction for Security Incidents Notification (BOE-A-2018-5370).
The purpose of the Audit Security Technical Instruction is to establish the conditions for carrying out the ...
(Read more)
Spanish digital services multinational Stratesys has obtained the Cybersecurity rating from LEET Security, which credits its effectiveness and quality in the development, support and maintenance of applications on the virtual environment of its clients. This certification shows the effective application by the consulting company of a high control framework and security measures in the three evaluated dimensions: confidentiality, integrity and availability.
The rating recognizes not only Stratesys' operations in terms of security management but also endorses the level of robustness and rigor of the security measures with which it provides remote services for support and maintenance of applications.
In this sense, Andreas Makrandreou, partner-director of Stratesys, assures that "the recognition of LEET Security is a guarantee of reliability and excellence in all the processes of management and execution of projects and services that we are providing to our clients. In ...
(Read more)
Finally, it is here. For some time now, our clients and other entities interested in rating have been asking us for a simpler form, but keeping all the rigor incorporated within our methodology, to carry out the evaluation of their cybersecurity levels online.
And this is what we have done, incorporating all the controls and algorithms used in the qualification, within the E-Qualify tool, to carry out the analysis in a self-assessment format.
E-Qualify contains the complete rating framework, which allows the assessment of all aspects related to security in the provision of its services, covered in the 14 domains and 76 sections of the methodology, to provide the result based on the answers provided during the process. The evaluation report includes not only the global score, in the three dimensions of Confidentiality, Integrity ...
(Read more)
Last April, 27, LEET Security participate in the Club de la Excelencia en Gestión section at program Pulso Empresarial with Antonio Ramos, together with Miquel Romero i Grané, Members and Knowledge Director to present the resutls of the Study 'Corporations and Cybersecurity'.
During the interview, we review the more relevant results of this Study, together with a short and clear explanation of key points of security rating: what is security rating? What elements are assessed? What is the meaning of rating?... And, also, some reflections on the impact of new privacy regullation (GDPR), cybersecurity accountability in corporations or, even, how rating could be incorporated into corporate compliance.
Interview can be hear in the followink ling from minute 30 ahead (in Spanish): link to the podcast and the CEG review of the interview at this link.
In this webinar organized by Valencia Chapter of ISACA, we share the paper given by Antonio Ramos in CSX2016 Europe event organized by ISACA in London, past October. As stated in the title, we will address the options an organization has to know, to understand and to manage the cyber risk of relationships with third parties, both providers and partners, connected and non-connected services and, of course, taking into account the organization risk appetite.
In this link you can register and, in the following days, we will also share the record of the webinar for being watched in the future... (link to recorded session)
¡¡Join us!!
Last May, 14 and related to the recent incident on Friday known as WannaCry, Founder Partner of LEET Security, Antonio Ramos, has been interviewed for the News, both in La 1 and Telecinco channels.
In the following links, we include reference to both media:
Free access. You can downlowd the full program and register here.
After Snowden, some days ago media published a new case. Again, a Booz Allen Hamilton employe has been charged of secrets theft. It is not clear yet, if he has passed this documents, if he is a spy o if, simply, he was storing that information.
Read more about these news in our journal "Information Security rating and labeling magazine" or at:
The New York Times, "N.S.A. Contractor Arrested in Possilbe New Thef of Secrets"
Schneier on Security, "NSA Contractor arrested for Stealing Classified Information"
HelpNetSecurity, "Why attaching security to each piece of data is critical"
Forbes, "After Snowden, Another Booz Allen Contractor Accused of Stealing NSA Files"
SecurityAffairs, "Once again an NSA contractor is the headlines for the alleged theft of secret exploit codes and highly confidential documents"
The paper presented by LEET Security to Iberoamerican Congress of ICT Governance and Advanced Management (gigaTIC16), "(Security) Vendor Risk Management: You cannot live without it", has been selected by the organizing committee of ISACA Barcelona and itSMF España at Catalonia. Therefore, next April, 28th at Telefónica Difital 00 Auditorium in Barcelona, we will have the opportunity to share how security rating can be used in vendor risk mamagement processes.
In our presentation, we will analyze how the growing dependency of third parties due to tendencies like digital transformation or shadow IT, makes necessary to analyze and manage the cybersecurity risk of that vendors. And, once you hace to manage third party risks, we will explore how security rating improves effectiveness and efficiency of this process allowing managing a high numer of vendors with a very adjusted resources allocation ...
(Read more)
Next March, 18th, European Commission is hosting a workshop on cloud security with the subtitle: "Building Trust in Cloud Services - Certification and Beyond". The workshop will be facilitated by the European Commission and will focus on the following issues:
In each session throughout the day, panels of experts in cloud computing will touch on their own experience to convey their perspective of these issues. Participants will be invited to actively discuss their own experience of these issues and together prioritise mechanisms to address them.
LEET Security ...
(Read more)
On December 30, 2015, Aiuken Solutions achieved the rating seal of its services under the assessment and labeling methodology by LEET Security.
Aiuken has addressed the rating of services provided from its managed security center (SOC), consisting of "Managed Security Services" (which include data protection services, IT systems operation and threat management), “Web Application Firewall (WAF) services” and the "Anti-DDoS services", obtaining in all of them the triple C C C rating, which demonstrates the effective implementation of a large framework of control and security measures in all three evaluated dimensions (CIA: confidentiality, integrity and availability).
LEET Security rating evaluates beyond operational practices according to a ISMP, but the level of robustness and rigor of their own security measures implemented into the services and the resilience in case incident, providing Aiuken’s customers with a clear and transparent information on ...
(Read more)
INCIBE, entity under Ministry of Industry, Energy and Tourism, and LEET Security, have signed a collaboration agreement to jointly develop a cybersecurity capability building model for industrial systems and applicable to strategic and critical infrastructures.
This model will be based on the methodology developed by LEET Security to build up a labelling system that rates the efectiveness and maturity of security measures implemented by providers in their ICT services, and that will be adapted and evolutioned together with INCIBE to keep the allignment with international standards and good practices like NIST, ISA, ENISA, etc., as well as the own LEET Security model, creating a rating system based on 5 levels, from E to A.
This model to be developed will be also alligned with the rest of initiatives developed in the Security and Industry CERT (CERTSI_) dependent on INCIBE and ...
LEET Security has acceded to the Collaboration Agreement "Smart City" of Móstoles City Council with the project " Reliable and Cybersecure Smart City" that seeks to assure that technological services that support smart city projects started in the town are trustworthy.
This project will develop, firstly, a pilot phase with ICT services users related with Mostoles City Council and associated entities to evaluate and identify the cybersecurity requirements that should be added to those ICT services in order to provide confidence and privacy conditions to the information managed.
And, secondly, special conditions will be offered to ICT service providers located in Mostoles for adhering to security rating and labelling services, so that Mostoles town will become a pole of attraction for technological service providers that would bid for transparency and cibersecurity as they would become a reference at an European ...
(Read more)
Rural Servicios Informáticos (RSI), entity that provides core banking services to Rural Groupo and other financial entities, has become first organization in rate the security of services provided gaining a B B A label according to LEET Security rating system.
RSI has become the first organization in gaining the rating security label offered by LEET Security.
RSI has undergone the rating of its 3 main services offered ('Services to Members', 'Services to Third Parties' and 'Internal Services') obtaining in all of them the level B B A. This rating level shows the effective application of a high control framework and security measures in the three dimensiones rated (confidenciality, integrity and availability).
The innovative security rating service offered by LEET Security provides information to RSI clients about security measures implemented, as well as its reponsed capacity in case of incident ...
(Read more)
INCIBE (Instituo Nacional de Ciberseguridad) has just published leet security rating mechanism in its website section "Make Trustworthy Business". This publication entails an analysis process by INCIBE abouth mechanism characteristics that ends with the publication of a summary of the main system characteristics in the website (link).
As general summary, as stated in the information published by INCIBE, "this labeling / kite mark implies a rating of the provider being reviewed [the one that provides the service rated]. Therefore is quite important to check the rating of the label. This rating, refering to three dimensions of security, rates from A to E. In this scale, A means a higher security and maturity than E."
From leet security we would like to thank INCIBE by the willingness to add our security labeling mechanism to this section of its website due to the ...
(Read more)
European Union Agency for Network and Information Security (ENISA), supporting the activities of the EU Cloud Strategy, has published a list of the existing Cloud Certification schemes (CCSL – Cloud Computing Certification Schemes List). This initiative will help potencial cloud users decide on the security of different cloud solutions. The list was developed by ENISA in close collaboration with the European Commission and the private sector (EC Certification Selected Industry Group).
CCSL gives an overview of different existing certification schemes which could be relevant for cloud computing customers. CCSL also shows which are the main characteristics of each certification scheme. For example, CCSL answers questions like "who issues ...
Evicertia understands the importance of provide transparency to the security they implement in their services and, for that reason, it has relied on leet security rating system to label the security of all its services.
eVicertia (Evidencias Certificadas, SL), in his continuous efforts in security, understands that transparency is essential to build up trust with its users and, for that reason, it has decided to become the first company in adopt the rating system proposed by leet security, rating agency.
Thanks to this agreement, eVicertia and leet security will work together to verify the applicability of rating guide in all the services of certified notification provided by eVicertia (eviNotice, eviMail, eviSign y eviSMS) and the use of this security labeling system in these services.
Full text of press release (in Spanish) [PDF]
Antonio Ramos, CEO of security rating agency will participate in the 1st Workshop of Research in ICT Security Technologies organized by AEI Seguridad next 30th, November in León (Spain). The title of the paper that will be presented by our CEO in this Workshop is "Application of rating models to cloud services security assessments". We hope you in León...
Antonio Ramos, CEO of security rating agency will participate in the first edition of Segurinfo organized by Usuaria Association in Spain the next 21st of November in the Palacio de Congresos (Madrid). Conference talks are organized in two tracks, one about security economics and other about cybersecurity and our CEO participation will be "Buying security services" and will talk about utilization of security rating for solving asymmetric information issues in ICT services. We will see you there...
Antonio Ramos, CEO of security rating agency will present the session "Rating cloud services security" inside the Conference VISION12 organized by itSMF Spain the following 19th and 20th of November in Madrid.
In this link you will find the register page for if you are interested in being with us...
Antonio Ramos, CEO of security rating agency and author of blog Carpe Diem will be at 6th Edition of ENISE - Encuentro Internacional de SEguridad de la Información (Information Security International Meeting) that INTECO organizes annually at León (Spain).
Specifically, Antonio Ramos will participate in the session "Security bloggers meeting 2012" that will takes place on 23th between 18:30 and 20:30.
Full text of the press release [in Spanish]
EuroCloud España, consciente de las garantías demandadas por los usuarios acerca de la seguridad y confidencialidad de los datos almacenados en la Nube, ha firmado un acuerdo de colaboración con la agencia de calificación de servicios TIC, Leet Security, para facilitar el acceso de sus asociados a este sistema de generación de confianza.
La calificación ofrecida por Leet Security sobre los asociados de EuroCloud España contará con el respaldo de la organización de cloud computing y estará disponible para su consulta. De esta manera, aquellos interesados en contratar soluciones de cloud computing podrán comparar antes de contratar un servicio la confidencialidad, integridad y disponibilidad ofrecida por distintos los proveedores y elegir entre ellas según sus propias necesidades.
El sistema de calificación para la contratación de servicios TIC desarrollado ...
(Read more)
Ayer, día 29 de mayo, tuvo lugar la inauguración oficial del Vivero de Empresas de Móstoles con la presencia del Alcalde de Móstoles, Daniel Órtiz (@danielortizesp) y la Ministra de Empleo y Seguridad Social, Fátima Bañez (@FatimaBanez). Después de la inauguración y antes de los discursos institucionales, tuvimos la suerte de contar con la visita de la comitiva liderada por la Señora Ministra a nuestras instalaciones en el Vivero. Os dejamos con los vídeos de la visita:
itSMF España junto a la Universidad Carlos III de Madrid, la Universidad de Oviedo y la Universidad de Extremadura organizan el próximo 28 de mayo, el Academic ITGSM12: VII Congreso Académico Internacional en Gobierno y Gestión del Servicio de las Tecnologías de la Información (TI).
El Congreso Academic ITGSM12 se centra en pedir a la comunidad Académica y de las empresas más innovadoras que compartan su visión, investigaciones y trabajos que ayuden a impulsar al tejido empresarial a avanzar ante este nuevo reto. Siguiendo esta línea argumental, la temática del congreso se agrupará en torno a las últimas prácticas, experiencias e investigaciones del Gobierno y la Gestión del Servicio de unas tecnologías de la información que son clave para la sociedad y la economía ...
(Read more)
El próximo jueves, 26 de abril, a las 19:00, participaremos en la conferencia organizada por la Asociación de Titulados Universitarios Oficiales en Informática (ALI) y el Colegio Profesional de Ingenieros Técnicos en Informática de la Comunidad de Madrid (CPITICM) en el Salón de Grados de la Facultad de Informática de la UPM ubicada en el campus Sur (Ctra. Valencia, km. 7)
Título: Conferencia ALI - CPITICM: "La calificación de seguridad TIC" Lugar: Sala de grados Escuela Universitaria de Informática - Campus Sur UPM (Ctra. Valencia, km. 7 - Madrid) Hora de Inicio: 19:00 Date: 2012/04/26 Hora de Finalización: 21:00
Nos hemos decidido a crear también nuestra página en Google+. A partir de ahora podrás encontrarnos también aquí: leet security en Google+
El regidor de Móstoles, que ha entregado las llaves de las oficinas, ha resaltado la vocación de los emprendedores seleccionados en la búsqueda de nuevos yacimientos de empleo, ideas relacionadas con las nuevas tecnologías y las redes sociales y, en general, de proyectos alejados de la oferta productiva habitual. El Alcalde de Móstoles, Daniel Ortiz, ha destacado el perfil innovador y pionero de los sectores laborales de los emprendedores que radicarán sus negocios en el nuevo Vivero de Empresas. El regidor, que ha entregado las llaves de las oficinas, ha resaltado la vocación de los emprendedores seleccionados en la búsqu3eda de nuevos yacimientos de empleo, ideas relacionadas con las nuevas tecnologías y las redes sociales y, en general, de proyectos alejados de la oferta productiva habitual. Enlace a la noticia original
Magazine article by SIC describing the rating system and discuss its applicability to the procurement of ICT services. Link to the magazine article
If you think your service provider is going to take care of everything, then you have another thing coming. Dark reading - Tech Center: Cloud Security. Jun 03, 2011
